Huge Security Flaw Discovered in Windows 10

Huge Security Flaw Discovered in Windows 10

Naturally, the flaw could allow hackers to steal passwords

 

The Daily Mail reported that a Google researcher discovered a huge security flaw in Windows 10 that could have allowed hackers to steal the passwords of thousands of users.

For around eight days this month, some versions of the operating system shipped with a password manager with a massive security flaw. The bug meant cybercriminals could easily take the passwords stored in the third-party app and use them to break into people's online accounts.

John Steven, senior director of software security at Synopsys, said: "Rather than defeating the underlying encryption that protects users’ credentials, many of these vulnerabilities attack password (PW) managers’ interfaces or the APIs that connect them and the browser they service. Security practitioners  advise users to use PW management plugins rather than visiting the PW manager’s website in order to avoid the classic AppSec vulnerabilities in those web interfaces. Yet, Tavis discovered the latest vulnerability in the supposedly safer plugin.

"PW managers will continue to be vulnerable to these kinds attacks, whether their users engage them as websites or plugins because of how they’re designed to work. PW managers need to be able to observe both data about the URL being visited as well as the structure of the page and its forms. They do this in order to facilitate matching the applicable credentials and then, per settings, auto-fill these forms for the user. This sensing/filling demands parsing and parsing has long been an Achilles heel of product security – a vector through which attacks can introduce malware and take control of an application.

"Alternative approaches, such as LastPass on Apple’s iPad, do not have this level of integration. In this scenario, the user must switch between the application in which they’re authenticating and the separate LastPass mobile app. The user cuts/pastes their credentials between the two. This compartmentalisation disallows the kinds of exploitation we’re seeing time-and-time-again, but at a high cost to convenience."

Comments

Post a Comment

Popular posts from this blog

How Google reinvented security and eliminated the need for firewalls

Image
How Google reinvented security and eliminated the need for firewalls In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter. By Neal Weinberg Executive Features Editor, Network World | Feb 15, 2017 10:48 AM SAN FRANCISCO -- In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter. Over time, however, that perimeter developed holes as Google’s increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the cast
Read more

7 free alternatives to Microsoft Office you can consider

Image
  7 free alternatives to Microsoft Office you can consider Microsoft Office is one of the most-popular productivity suites globally. It is used by companies worldwide for spreadsheets, Word, PowerPoint and more. However, it really does not come cheap. if you are are looking for some more affordable/free alternatives, here are seven that you can look at:   Google Workspace Google Workspace is one of the most popular alternatives to Microsoft Office. It is free and offers users 15GB of cloud storage for storing files, mails, attachments and more. Workspace includes several Google apps and services including Google Docs, Sheets, Slides as an alternative to Word, Excel and Powerpoint. It also includes Google Drive, alternative for Microsoft OneDrive.   iWork is another good free alternative to Microsoft Office, but it is best suited for Apple users (Mac, iPhone and iPad). There’s a web-version too, but it has limited functionality. In terms of Apple iWork offers Pages, Numbers and Keynote
Read more

How to back up Android devices: The complete guide

Image
How to back up Android devices: The complete guide Make sure all your important data is always synced and protected with this easy-to-follow Android backup guide. Thinkstock 'Twas a time not so long ago when backing up an Android phone was a massive, migraine-inducing undertaking. It's true: A mere matter of years back in our mobile device saga, a proper Android backup required physical computer connections , complicated third-party software and more than a few adult beverages. But my, what a difference a few years makes. These days, backing up an Android device and keeping your data synced takes little to no actual effort. Most of the work happens seamlessly and automatically, behind the scenes — either without any involvement on your behalf or with a one-time opt-in when you first set your phone up. And restoring your data is typically as simple as signing into a device and letting Google's systems work their magic. Still, your data is i
Read more